A Trusted Execution Environment (TEE) is an independent secure operating environment on a mobile phone. It is logically isolated from the normal Rich Execution Environment (REE) and can interact with the REE only through an authorized Application Programming Interface (API). The TEE may support such security features as secure boot (secure starting) and secure application management; these features require either the pre-distribution of the relevant key in the secure terminal or the dynamic writing of the relevant key, as shown in FIG. 1.
In a conventional TEE key management scheme, the keys are stored in the TEE. As shown in FIG. 2, an initial key or a normal key is written during production, and this key is managed by an operator. For a terminal sold in the open market, however, the user's choice of operator cannot be known in advance, so the mobile terminal cannot be bound to a particular operator beforehand; that is, the conventional TEE solution cannot be used for a mobile terminal in the open market. Furthermore, if the operator to which the TEE of the mobile terminal has been bound is changed, the mobile terminal can no longer be used, which adversely affects the user experience.
Hence, there is an urgent need to make the TEE of a mobile terminal usable without binding it to a particular operator in advance.